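# Creates a self-signed root certificate plus one client certificate signed by it
# (the names suggest a point-to-site VPN setup -- confirm with the consumer of the files),
# then exports the root as Base64 (.cer) and the client as .cer and password-protected .pfx
# into $CertLocation.
#
# Fixes relative to the earlier revision:
#   - $CertPrefix was read before it was assigned, so the derived file name was wrong;
#   - $Cert and $cert are the SAME variable in PowerShell (names are case-insensitive), so the
#     root certificate object silently overwrote the file-name variable;
#   - the certificates to export were re-queried from the store with a regex on the subject,
#     which also matches certificates left over from earlier runs and then exports the wrong
#     one (or an array); the objects returned by New-SelfSignedCertificate are used instead;
#   - all paths are absolute, so nothing depends on the current directory.

#Variables
$CertPrefix    = "b3VPN"
$CertLocation  = 'C:\temp\VPN'
$StoreLocation = "Cert:\CurrentUser\My"
# Output files (absolute paths, all under $CertLocation)
$RootTempCer = Join-Path -Path $CertLocation -ChildPath "${CertPrefix}RootTemp.cer"
$RootCer     = Join-Path -Path $CertLocation -ChildPath "${CertPrefix}Root.cer"
$ClientCer   = Join-Path -Path $CertLocation -ChildPath "${CertPrefix}Client.cer"
$ClientPfx   = Join-Path -Path $CertLocation -ChildPath "${CertPrefix}Client.pfx"

# Stop at the first failing cmdlet: a failed certificate creation must not be followed by the
# export steps, which would otherwise run against a missing or wrong object.
$ErrorActionPreference = 'Stop'
Set-StrictMode -Version Latest

if (-not (Test-Path -Path $CertLocation -PathType Container)) {
    New-Item -Path $CertLocation -ItemType Directory | Out-Null
}
Set-Location -Path $CertLocation

##Create a self-signed root certificate
# The root's private key stays in CurrentUser\My and is marked Exportable so further client
# certificates can be signed with it later. Anyone holding this key can issue certificates the
# relying party will trust, so protect this user profile (or export the key to a PFX and remove
# it from the store once signing is finished).
$RootCert = New-SelfSignedCertificate -Type Custom -KeySpec Signature `
    -Subject "CN=${CertPrefix}Root" `
    -KeyExportPolicy Exportable `
    -HashAlgorithm sha256 `
    -KeyLength 2048 `
    -CertStoreLocation $StoreLocation `
    -KeyUsageProperty Sign -KeyUsage CertSign -NotAfter (Get-Date).AddMonths(24)

##Generate a client certificate
# The returned object is captured so exactly this certificate is exported below.
# 2.5.29.37 is the Extended Key Usage extension; 1.3.6.1.5.5.7.3.2 is Client Authentication,
# i.e. this certificate can only be used to authenticate a client, not to sign or serve.
$ClientCert = New-SelfSignedCertificate `
    -Type Custom `
    -DnsName P2SChildCert `
    -KeySpec Signature `
    -Subject "CN=${CertPrefix}Client" `
    -KeyExportPolicy Exportable `
    -HashAlgorithm sha256 `
    -KeyLength 2048 `
    -CertStoreLocation $StoreLocation `
    -Signer $RootCert `
    -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.2") -NotAfter (Get-Date).AddMonths(24)

##Export Certificates
# -Type CERT writes the public certificate only, DER encoded; no private key leaves the store here.
Export-Certificate `
    -Type CERT `
    -Cert $RootCert `
    -FilePath $RootTempCer
Export-Certificate `
    -Type CERT `
    -Cert $ClientCert `
    -FilePath $ClientCer
# certutil -encode re-encodes the DER root certificate as Base64 with BEGIN/END CERTIFICATE
# markers; -f lets the script be re-run when the output file already exists.
# certutil is a native executable, so $ErrorActionPreference does not apply -- check $LASTEXITCODE.
& "$env:SystemRoot\System32\certutil.exe" -f -encode $RootTempCer $RootCer
if ($LASTEXITCODE -ne 0) {
    throw "certutil -encode failed with exit code $LASTEXITCODE"
}
Get-Content -Path $RootCer

# The PFX contains the client's PRIVATE key. The password is read as a SecureString so it never
# appears on a command line, in history or in a transcript; an empty password would produce an
# unprotected key file, so refuse it.
$SecurePassword = Read-Host `
    -Prompt "Enter Password to Export Cert with Private Key" `
    -AsSecureString
if ($SecurePassword.Length -eq 0) {
    throw "A non-empty password is required to export the private key"
}
# Select the certificate by its thumbprint path so only the one created above is exported.
$ThumbPrint = $ClientCert.Thumbprint
$ExportPrivateCertPath = "$StoreLocation\$ThumbPrint"
Export-PfxCertificate `
    -FilePath $ClientPfx `
    -Password $SecurePassword `
    -Cert $ExportPrivateCertPath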